Trend Micro InterScan Web Security Appliance 2500 Quick Start Manual

TREND MICRO
TM
InterScan Web Security Appliance 2500
TM
InterScan Web Security Appliance (IWSA) helps protect LAN users against Internet threats
TM
including worms, network viruses, phish sites, spyware, and viruses. Optional IWSA modules can
also provide Web content filtering and security against malicious Java applets and ActiveX controls.
Use this Quick Start Guide to get IWSA up and running on your network, and then use the
Administrator's Guide to configure, update, and test IWSA.
1
1
Open and inspect the IWSA carton
Please verify that your IWSA carton contains each of the following items:
InterScan Web Security
Appliance Power Cord
Console Cable (RS-232) Mounting Rail
Contact Information
Local offices: http://www.trendmicro.com/en/about/contact/us.htm
●
Phone: + 1 (800) 228-5651 or + 1 (408) 257-1500
●
Address: Trend Micro, 10101 N. De Anza Blvd., Cupertino, CA - 95014, USA
●
2
2
Understand the IWSA server
Unless you modify the proxy settings, IWSA is pre-configured to transparently scan all inbound
and outbound Web traffic — your end-users do not need to modify their browser settings. You
can also configure IWSA to work with an ICAP client.
Navigation Reboot ID light
buttons button button
Menu select
button
LCD menu
InterScan Web Security Appliance
front view
Power
on/off
Not used
External
System recovery or updates
port
ID light Not used
Internal
Not used
System status
port
Explanation of indicator lights and ports
The front of the IWSA server contains three indicator lights to reflect its operational status, and
three ports. The lights and ports are explained in the table that follows.
Light State Description
Power Orange–steady IWSA server is on and operating normally.
Off (no color) Device is off.
ID Blue–steady The unit identification light is on; use it to identify
the IWSA server in a crowded server room.
Orange–flashing The IWSA server is booting.
System Red–one flash Power-On Self-Test (POST).
Yellow–steady IWSA firmware is ready.
Off Not used.
Quick Start Guide Quick Start Guide
Port
Port 1 (INT)
Port 2 (EXT)
Port 3
Port 4
Port 5
Cross-over Cable
IWSA server back
CD, Jacket & Safety Card,
License & warranty
Port
RS-232
USB port
3 3
Decide the network configuration
Before proceeding with the IWSA setup, decide where on the LAN you want the IWSA server to
sit. IWSA supports three topologies:
Network Bridge
Clients — network device — IWSA — network device — Internet
●
IWSA logo
& model number
HTTP proxy
Router, switch,
bridge, etc.
IWSA console
http://IP-address:1812
Clients
Pass traffic from one network device such as a switch, router, or firewall to another device for
delivery to the requesting client. IWSA acts as a bridge between the devices and transparently
scans passing HTTP and FTP traffic.
Configurations
If your physical network is comprised of multiple IP segments, and IWSA will scan traffic for
●
clients from a different segment, join IWSA to the clients' segment by giving it a bridge ID from
that segment. You can set bridge ID settings from the IWSA console (Administration >
Bridge ID Settings).
If an L3 switch or router that receives client traffic from one segment will connect to an IWSA
●
server residing in a different segment, modify the IWSA routing table or static route settings so
it points to the device.
Note: If your physical network has VLAN settings, bind the management IP or bridge IDs to
the specific VLANs. See the IWSA Solutions CD or online help for details.
If the clients and IWSA are in the same segment, no configuration is required.
●
HTTP proxy
Clients — IWSA — Internet
●
In HTTP proxy mode, configure client browsers to use IWSA as a proxy. Connect your
network (device) to IWSA port 1. The default proxy port number is 8080.
Cable Description
Ethernet Use an Ethernet cable to route internal network traffic to IWSA.
Ethernet Route scanned traffic from IWSA to an external device
(for example, a firewall); this port is used only in bridge mode.
Disabled This port is not used.
Disabled This port is not used.
Cross-over Update or recover system files and firmware (DOM).
AC power
cable socket
InterScan Web Security Appliance
On/off
RS-232 serial Case connecting screw
Cooling fans
switch
connection
USB port
Cable Description
Console cable Connect a laptop to the RS-232 port to configure IWSA
hardware settings, update the firmware, or reinstall IWSA
program files. Requires Microsoft HyperTerminal (or a similar
program) on the laptop. See the Administrator's Guide for details.
Not used.
USB cable
Bridge Mode
Router, switch,
bridge, etc.
Serial port connection
HyperTerminal
HTTP proxy
Internal port External port
Firewall
IWSA
By default, IWSA installs in bridge mode, and acts as a
forward proxy (scanning client requests and downloads),
and is fully transparent to the user.
Other external
facing device
ICAP mode
Clients — ICAP capable cache server — Internet
●
I
IWSA (acting as ICAP server)
Choose this topology if you have an ICAP server on the network and you want it to pass traffic
to IWSA for scanning. IWSA will act as an ICAP server (and the original ICAP server then
behaves as an ICAP client). Connect your network device to IWSA port 1.
ICAP Mode
Internal port
2, 3
IWSA console
http://IP-address:1812
1
4
1
10
Clients
Notes on port usage
Use both the internal and external ports if you will be installing IWSA in bridge mode. Use only
the internal port for the other modes. Use port 5 to connect a laptop to the IWSA server and
run the system utilities from the IWSA Solutions CD.
Hardware setup
Use the chart below to prepare the network values for which IWSA will prompt you.
Value Your Answer
IP address for IWSA server:
(supports a-z, 0-9, -, and . )
Host name (domain.com):
Netmask (subnet):
Gateway:
Primary DNS:
Secondary DNS:
TMCM server IP address: (requires Control Manager)
TMCM account:
(the user name IWSA will use
(supports A-Z, a-z, 0-9, -, and _ )
to log in to the TMCM server)
Internet
4
4
Mount the IWSA server
Mount the IWSA server in a standard 19-inch 4-post rack, or on a free-standing device such as a
sturdy desktop. Instructions can be found in the back of the Administrator's Guide, which is
available on the IWSA Solutions CD and from the Trend Micro Update Center.
When mounting the server, be sure to allow at least two inches clearance in all directions for cooling.
5
5
Power IWSA on and off
To power on IWSA, press and release the power on/off switch of the IWSA device.
IWSA would normally be powered off during maintenance (such as upgrading the memory)
or when moving it to a different physical location.
Notes:
Power off IWSA only during maintenance to minimize the impact on HTTP and FTP traffic interruption
●
If IWSA is powered off by unplugging the device, traffic will be interrupted
●
If IWSA is on network bridge mode and "Fail-open on system error" is enabled in the Web
●
console (IWSA Web Console > HTTP > Configuration > Proxy Scan Settings):
HTTP and FTP traffic will not be interrupted
●
If IWSA is powered off, HTTP and FTP requests and responses will be passed but the traffic
●
will not be scanned, leaving your network unprotected
To power off IWSA, press and then hold the Power on/off switch for 5 to 10 seconds. In
noisier environments, users will feel that the device stops vibrating.
Router, switch,
bridge, etc.
HTTP proxy
5, 6
IWSA
Firewall
Internet
2, 3
8, 9
4
7
ICAP client
Other external
Note: Cached
facing device
Not cached